Found, a new rootkit

Mike McCarty Mike.McCarty at sbcglobal.net
Tue Apr 4 22:35:01 UTC 2006


Tim wrote:
> On Tue, 2006-04-04 at 00:46 -0500, Mike McCarty wrote:
> 
>>Should include at least one "special" character.
> 
> 
> When telling someone that, you really need to define what you mean by
> "special".  I know the next bit goes somewhat towards that, but it's
> still a bit too vague.  You can also get people trying to use characters
> that can't be used with some password systems.  It would really help if
> password systems would accept any character that you can type on the
> keyboard.

IMO, these rules need to be enforced by the password system itself.
So, exactly what constitutes a "special" character should be built
into it, and if an invalid character is detected, then a useful
error message should be generated.

Anyway, I wasn't trying to write out a fully comprehensive set of rules.
I was simply stating what I consider to be the minimum security.
Guidelines, not rules.

Another good guide is:

Enforce changing of passwords on at least a monthly basis.
Do not permit re-use of old passwords.

>>Should not include non-graphic characters (like CR, LF, CTRL-A).
>>Should be at least 6 and preferably over 8 characters long.
>>Should be "rememberable".
>>Should *not* be written down anywhere.
> 
> 
> The last two being a key problem.  By now, I've amassed about a dozen
> passwords that I just cannot remember.  Even if I wanted to make
> memorable passwords, too many systems are so limited that you can't
> easily do it (e.g. passwords are too short, etc.).  Then there's the
> problem of remembering which password belongs to what account.  Writing
> them down, or writing down the reminder trick, becomes the only way to
> do so.

See my other message about writing down.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
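
The enforcement described in the message above (the password system itself defines "special", rejects invalid characters with a useful error, and refuses old passwords), as an added example that is not part of the original message. The ASCII-punctuation "special" set, the salted PBKDF2 history store, and the function names are assumptions.

```python
import hashlib
import hmac
import os
import string

# Assumption: "special" means ASCII punctuation; the thread leaves the set undefined.
SPECIAL = set(string.punctuation)
MIN_LEN = 6  # the thread's "at least 6" guideline


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def remember(password):
    """Return a (salt, digest) history entry; the plaintext is never stored."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def check_password(password, history=()):
    """Return a list of human-readable problems; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"Too short: {len(password)} characters, minimum is {MIN_LEN}.")
    # Non-graphic characters (CR, LF, CTRL-A, ...) are reported by position and code.
    for pos, ch in enumerate(password, start=1):
        if not ch.isprintable():
            problems.append(
                f"Character {pos} (code 0x{ord(ch):02X}) is a non-printing "
                "character and is not allowed."
            )
    if not any(ch in SPECIAL for ch in password):
        problems.append("Needs at least one special character from: " + string.punctuation)
    # Re-use check against salted digests of earlier passwords.
    for salt, digest in history:
        if hmac.compare_digest(_digest(password, salt), digest):
            problems.append("This password was used before; choose a new one.")
            break
    return problems
```

Every other printable character, including spaces and non-ASCII letters, is accepted, so the only rejections are the ones the messages name.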



